Improve Perf of Pure JSON Data

This minor release drastically improves the perf of serializing pure JSON data with the new {isJSON: true} flag. #17

Passing a replacer function to JSON.stringify() slows it down dramatically. If possible, we should avoid this this path, and the new isJSON option is the signal that the object passed-in contains no functions or regexp values. But still protect against XSS by properly escaping for a <script> context.

Node v0.12.10
simpleObj:
JSON.stringify( simpleObj ) x 1,303,349 ops/sec ±0.66% (99 runs sampled)
JSON.stringify( simpleObj ) with replacer x 386,634 ops/sec ±0.72% (96 runs sampled)
serialize( simpleObj ) x 284,535 ops/sec ±0.92% (98 runs sampled)
serialize( simpleObj, {isJSON: true} ) x 951,798 ops/sec ±0.92% (96 runs sampled)

Add Space Option

This minor release adds a space option that passes through to JSON.stringify's space option.

serialize({foo: 'foo'}, 2);

{
  "foo": "foo"
}

Improve Safety with Generated UIDs

There are no known exploits in the wild, but this improves the safety of this package.

This release fixes #5 by using generated UIDs and generated RegExps which use those UIDs making the placeholder token pattern used for serializing functions and regular expressions dynamic and unguessable.

---

Note: v1.1.0 and v1.1.1 have been unpublished from npm and PR #4 has been reverted because it was a hack and caused more problems than good.

Initial Release

The code in this package began its life as an internal module to express-state. To expand its usefulness, it now lives as serialize-javascript — an independent package on npm.

npm install serialize-javascript